Relationship between the permit/deny rules in an ACL and those in the behavior of a traffic policy

Latest reply: Jun 30, 2018 15:55:14 237 1 0 0
Hello, 


Please check the information below while configuring the ACL and the traffic policy. It is very useful to know it :

Table 1 Usage of permit/deny rules in an ACL and in a behavior

ACL

Behavior in a Traffic Policy

Action Taken for Matching Packets

permit

permit

permit

permit

deny

deny

deny

permit

deny

deny

deny

deny

icon-note.gif NOTE:

The traffic policy module permits packets by default. If you just want to block mutual access between network segments, you only need to define the characteristics of the packets to be denied in the ACL. If you add rule permit at the bottom of the ACL, the packets that do not match previous rules will match the last rule. In addition, if the traffic behavior is set to deny, the device discards all packets matching rule permit. As a result, all services are interrupted.

From group: Switch
  • x
  • convention:

TTTony Created Jun 30, 2018 15:55:14 Helpful(0) Helpful(0)

if we configure the redirect next-hop in the traffic behavior , and there is a deny in the acl, if the packets match the acl deny, the packets will be drop directly. it will not forward. but in Cisco switch , it will be forward via route-table . this is a little difference with Cisco.
  • x
  • convention:

Reply

Reply
You need to log in to reply to the post Login | Register

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!

Login and enjoy all the member benefits

Login
Fast reply Scroll to top